SOCaaS, or Security Operations Center as a Service, is an outsourced security approach, and this approach combines technologies such as XDR (extended detection & response), machine learning, telemetry correlation and team of security experts. The key element to this approach being the people element, and more specifically access to security experts and analysts. The idea of SOCaaS is to incorporate all the benefits of a fully built SOC (Security Operations Center) without the high investment—whether that’s investment in time, people, or money to build one.
The reality for most MSPs is that building out a SOC to deliver scalable and profitable managed detection & response services is not practical.
The term “co-managed” and how it relates to SOCaaS
This is a co-working model where both the SOCaaS provider and the MSP collaborate with a shared responsibility to secure clients. In this model, the SOC team becomes an extension of the existing IT staff where the security services being delivered to the client are transparent.
- The SOCaas provider does all the security heavy-lifting at various stages of a cybersecurity framework – whether that’s in the detection, investigation, or response phase
- Meanwhile, the MSP manages all of the client communications and relations.
This working model ensures that the MSP always stays in the value stream with their clients.
Considerations for MSPs when evaluating providers
- Is the service multi-tenant? – This should be a no-brainer, but often times SOCaaS offerings are not tailored to MSPs who manage multiple clients. Cross-customer threat detection & response capabilities become necessary and without them, visibility and the ability to respond across multiple clients is very limited and operationally inefficient.
- Which technologies does the service utilize? – Does the service leverage EDR or XDR, are there separate agents needed? How is threat intelligence being incorporated? What are the telemetry sources? These are just a few questions to think about.
- Are those technologies included in the price of the service or must they be bought separately?
- Does the service include proactive threat hunting, incident response & investigation? – Some SOC-as-a-service offerings are really just a “monitor and notify" type of service.
- What are the procurement terms? – Are there lengthy contracts involved? Are the terms yearly or monthly? It is important to ensure that the service procurement terms align with how you and your clients expect to be billed.
Business outcomes MSPs can expect from a SOCaaS Solution
- Team Augmentation – MSPs feel the pressure as a result of the IT personnel shortage, SOCaaS enables them to better focus existing IT resources on mission-critical initiatives. These types of services also provide an uncomplicated way to not only extend their security operations to 24x7, but also bring in security expertise without the associated expense.
- Operational Efficiency – SOCaaS offerings help improve overall cybersecurity efficiency. For example, it ensures that MSPs can quickly respond to, and contain client security incidents. Rapid response reduces the consequences of said security incidents. In addition, these services create an opportunity to centralize and connect information across security layers and clients.
- New MRR Streams – These services not only extend the portfolio, but also can act as a gateway to new opportunities and larger accounts that may have more demanding security requirements.
- Peace of Mind & Customer Retention – It’s hard to put a dollar amount on an intangible like peace of mind, but SOCaas offerings do allow MSPs, and their clients rest a little easier knowing a team of skilled experts are constantly monitoring their security posture. In addition, these high-value services are a lot stickier and make it less enticing for clients to switch providers.
While some of the business outcomes are more tangible than others, don’t disregard the intangible – they're just as important.